Ubuntu 11.04 Server with encrypted LVM on dm RAID0 -- Incorrect metadata area header checksum - No volume groups found - ALERT! /dev/mapper/MachineName-root does not exist

Bug #824961 reported by John Woodley
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone
cryptsetup (Ubuntu) | Confirmed | Undecided | Unassigned |

Bug Description

Using Ubuntu 11.04 Server with encrypted LVM and the Ubuntu-Desktop GUI installed.
Unity is disabled and I am using Classic View.

I have encrypted the entire Ubuntu partition and the User /home...
I have been using this for a couple of weeks now and shut down every night.
For some odd reason, maybe the last update broke it; today, Aug 11, 2011, is the first day I got this issue, and I am not sure of the cause...
After booting it asks for my Passphrase to unlock the partition, which I type in but after that I get:

Enter passphrase: **************************************************************
 Reading all Physical volumes. This may take a while...
 Incorrect metadata area header checksum
 No volume groups found
 Incorrect metadata area header checksum
 No volume groups found
 /scripts/local-top/cryptroot: line 1: can't open /dev/mapper/MachineName-root:no such file
cryptsetup: isw_abcdefghij_RAID0-1p5_crypt set up successfully

Next screen:

udevd-work [79]: inotify_add_watch(6, /dev/dm-5, 10) failed: No such file or directory

udevd-work [79]: inotify_add_watch(6, /dev/dm-3, 10) failed: No such file or directory

Gave up waiting for root device. Common Problems:
 - Boot args (cat /proc/cmdline)
   - Check rootdelay= (did the system wait long enough?)
   - Check root= (did the system wait for the right device?)
 - Missing modules (cat /proc/modules; ls /dev)
ALERT! /dev/mapper/MachineName-root does not exist. Dropping to a shell!

BusyBox v1.17.1 (Ubuntu 1:1.17.1-1-ubuntu1) built-in shell (ash)
Enter 'help' for a list of built-in commands.

(initramfs) ls
dev init conf lib var etc sys tmp
root lib64 scripts usr sbin bin proc
(initramfs)

I can not find any files /var/logs, I can browse /proc and /root and ls files in /proc which shows modules and cmdline files that for some reason are showing as missing?

Is there anything I can do like mount the encrypted partition with a Live CD to edit or copy certain files to allow Ubuntu to continue to boot up to the Desktop?

Thanks in advance.

John Woodley (johnmwoodley) wrote :

I am noticing on my other Desktop Ubuntu 11.04 drive, which I booted to submit this report, that the Update Manager has important security updates:

ecryptfs cryptographic filesystem (utilities) ecryptfs-utils (Size: 102 KB)

ecryptfs cryptographic filesystem (library) libecryptfs0 (Size: 65 KB)

--------------------------------------------
It looks like this could possibly be the cause since it was recently Updated.

--------------------------------------------
Changes Listed on update:

Changes for the versions:
87-0ubuntu1
87-0ubuntu1.1

Version 87-0ubuntu1.1:

  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1831
    - CVE-2011-1832
  * SECURITY UPDATE: race condition when checking source during mount
    (LP: #732628)
    - debian/patches/CVE-2011-1833.patch: use new ecryptfs_check_dev_ruid
      kernel option when mounting directory in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1833
  * SECURITY UPDATE: mtab corruption via improper handling (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1834
  * SECURITY UPDATE: key poisoning via insecure temp directory handling
    (LP: #732628)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
    - CVE-2011-1835
  * SECURITY UPDATE: information disclosure via recovery mount in /tmp
    (LP: #732628)
    - debian/patches/CVE-2011-1836.patch: mount inside protected
      subdirectory in src/utils/ecryptfs-recover-private.
    - CVE-2011-1836
  * SECURITY UPDATE: arbitrary file overwrite via lock counter race
    condition (LP: #732628)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c.
    - CVE-2011-1837
----------------------------------------
Description:

eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux.
It provides advanced key management and policy features. eCryptfs stores cryptographic metadata in the header of each file written, so that encrypted files can be copied between hosts; the file will be decryptable with the proper key, and there is no need to keep track of any additional information aside from what is already in the encrypted file itself. Think of eCryptfs as a sort of "gnupgfs".
eCryptfs is a native Linux filesystem. The kernel module component of eCryptfs is part of the Linux kernel since 2.6.19.
This package contains the userland utilities.

-------------------------------------
Changes:

Changes for the versions:
87-0ubuntu1
87-0ubuntu1.1

Version 87-0ubuntu1.1:

  * SECURITY UPDATE: privilege escalation via mountpoint race conditions
    (LP: #732628)
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions ...


affects: ubuntu → cryptsetup (Ubuntu)
Steve Langasek (vorlon) wrote :

This shouldn't have anything to do with ecryptfs, which is not involved with LUKS-encrypted devices.

Please show the contents of /conf/conf.d/cryptroot from the initramfs of the affected system.

Changed in cryptsetup (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for cryptsetup (Ubuntu) because there has been no activity for 60 days.]

Changed in cryptsetup (Ubuntu):
status: Incomplete → Expired
Sebastian Senander (senanders) wrote :

This bug affects me too, on a nearly clean Ubuntu 12.04 install. However, I could not find a /conf/conf.d/cryptroot file as specified in the second last post.

I am able to boot into the system. But system-config-lvm shows me that /dev/mapper/... was renamed to /dev/dm-0.
The /dev/mapper/ partitions are shown as not initialised.

Help would be greatly appreciated.

Changed in cryptsetup (Ubuntu):
status: Expired → New
Sebastian Senander (senanders) wrote :

This is what my /var/log/boot.log says:

  Reading all physical volumes. This may take a while...
  Found volume group "lvm" using metadata type lvm2
  The link /dev/lvm/swap should had been created by udev but it was not found. Falling back to direct link creation.
  3 logical volume(s) in volume group "lvm" now active
/scripts/local-top/cryptroot: line 1: can't open /dev/mapper/lvm-root: no such file

Steve Langasek (vorlon) wrote :

Sebastian, is this an encrypted VG at all?

Sebastian Senander (senanders) wrote :

Yes, it is encrypted. And I have to admit that this was a problem with the next kernel from precise-proposed. When I reverted back to the one from precise-updates, the message was gone.

I installed this kernel because of bug #991977, which solved that, but then this error occurred. Maybe it is better to wait for an updated kernel?!

John Woodley (johnmwoodley) wrote :

I thought I would add more information:

This machine is using striped RAID divided into 2 drives (not partitions but 2 drives). The first RAID drive has Ubuntu Server 11.04 with encrypted LVM on dm RAID0. The second RAID0 drive has Windows XP. The third, a single drive not in RAID, has Ubuntu Desktop 11.10. I have not upgraded it to 12.04 LTS yet.
Note: GRUB does not know about the other OSes since it was installed before the other OSes, and I use the BIOS boot menu to select the drive to boot from.

The system no longer drops to (initramfs) and no longer asks for the passphrase, due to constant rebooting, but it does do (grub).

When Booting to this first Drive in RAID0, I get the Grub Menu:
------------------------------------------------------------------------
  "GNU GRUB version 1.99~rcl-13ubuntu3".
Ubuntu, with Linux 2.6.38-10server
Ubuntu, with Linux 2.6.38-10-server (recovery mode)
Previous Linux Versions
Memory test (memtest86+)
Memory test (memtest86+, serial console 115200)

------------------------------------------------------------------------
If I select Previous Linux Version I get the GNU Grub Menu:
------------------------------------------------------------------------
  "GNU GRUB version 1.99~rcl-13ubuntu3".
Ubuntu, with Linux 2.6.38-8server
Ubuntu, with Linux 2.6.38-8-server (recovery mode)
------------------------------------------------------------------------
Selecting:
Ubuntu, with Linux 2.6.38-10server
Ubuntu, with Linux 2.6.38-10-server (recovery mode)
or
Ubuntu, with Linux 2.6.38-8server
Ubuntu, with Linux 2.6.38-8-server (recovery mode)
No longer gets me where I need to enter a Passphrase… It just reboots the machine.
------------------------------------------------------------------------
If I choose the 'c' option, it opens the GNU GRUB command line:
  "GNU GRUB version 1.99~rcl-13ubuntu3".
Minimal BASH-like line editing is supported. For the first word, TAB list possible command completions. Anywhere else TAB list possible device or file completions. ESC at any time exits.

grub>
------------------------------------------------------------------------

grub> ls
(hd0) (hd0,msdos5) (hd0,msdos1) (hd1) (hd1,msdos3) (hd1,msdos2) (hd1,msdos1) (hd2) (hd2,msdos1) (fd0)
grub>
------------------------------------------------------------------------
If I select 'e' Option on line "Ubuntu, with Linux 2.6.38-10server":

  "GNU GRUB version 1.99~rcl-13ubuntu3".
setparams 'Ubuntu, with Linus 2.6.38-10server'

recordfail
set gfxpayload=$linux_gfx_mode
insmod part_msdos
insmod ext2
set root='hd3,msdos1)'
search --no-floppy --fs-uuid --set=root ######xx-x###-#x#x-x###-####x#x\xx###
Linux /vmlinux-2.6.38-10-server root=/dev/mapper/MachineName-root ro \quiet
initrd /initrd.img-2.6.38-10-server
------------------------------------------------------------------------

When I log into my other Ubuntu single drive, I can browse the 256mb filesystem ######xx-x###-#x#x-x###-####x#x but I am unable to mount the 750GB LVM2 Physical Volume: "Not a mountable file system". Once I get this message after typing in the password, I cannot attempt to remount it. I had selected the forget immediately option when typing in the password. Loggi...


Sebastian Senander (senanders) wrote :

I can now confirm that this also occurs on Ubuntu 12.04 Desktop with generic kernel 3.2.0.24.26.
John, I'm not sure, are you and I having the same problem at all? Or should I better open a new bug report?

In opposition to you, booting goes on straight and I can use Unity without any problems. But there is always this message like in #5.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cryptsetup (Ubuntu):
status: New → Confirmed
John Neffenger (jgneff) wrote :

I just upgraded to Ubuntu 12.10, and now I'm seeing the same message on boot:

  /scripts/local-top/cryptroot: line 1: can't open /dev/mapper/p490-root: no such file

The contents of "/var/log/boot.log" and "/etc/crypttab" are below.

/var/log/boot.log:

  Reading all physical volumes. This may take a while...
  Found volume group "p490" using metadata type lvm2
  3 logical volume(s) in volume group "p490" now active
/scripts/local-top/cryptroot: line 1: can't open /dev/mapper/p490-root: no such file
fsck from util-linux 2.20.1
fsck from util-linux 2.20.1
fsck from util-linux 2.20.1
/dev/mapper/p490-root: clean, 220625/1003680 files, 1770508/4006912 blocks (check after next mount)
/dev/sda1: clean, 263/124496 files, 53854/248832 blocks
/dev/mapper/p490-home: clean, 175868/13721600 files, 17080230/54867968 blocks

/etc/crypttab:

sda5_crypt UUID=497c7a02-64bf-496e-9cff-f0611c8c2490 none luks
sdb3_crypt UUID=e35c4825-3fd1-4145-8b5c-33a6f64172ef none luks,noauto

The system seems to boot normally after the message, though.

ilf (ilf) wrote :

I got exactly the same behavior as #11. Maybe we should file a new bug, since the rest works?
